alternative_right shares a report from Euronews: France's President Emmanuel Macron discovered news of his own supposed overthrow, after he received a message of concern, along with a link to a Facebook video. "On Sunday (14 December) one of my African counterparts got in touch, writing 'Dear president, what's happening to you? I'm very worried,'" Macron told readers of French local newspaper La Provence on December 16.

Alongside the message, a compelling video showcasing a swirling helicopter, military personnel, crowds and -- what appears to be -- a news anchor delivering a piece to camera. "Unofficial reports suggest that there has been a coup in France, led by a colonel whose identity has not been revealed, along with the possible fall of Emmanuel Macron. However, the authorities have not issued a clear statement," she says.

Except, nothing about this video is authentic: it was created with AI. After discovering the video, Macron asked Pharos -- France's official portal for signaling online illicit content -- to call Facebook's parent company Meta, to get the fake video removed. But that request was turned down, as the platform claimed it did not violate its "rules of use." [...] The original video ... racked up more than 12 million views [...].The teenager running the account is based in Burkina Faso and makes money running courses focusing on how to monetize AI. He eventually took the video down more than a week after its initial publication, due to political -- and public -- controversy. "I tend to think that I have more power to apply pressure than other people," Macron said. "Or rather, that it's easier to say something is serious if I am the one calling, but it doesn't work."

"These people are mocking us," he added. "They don't care about the serenity of public debates, they don't care about democracy, and therefore they are putting us in danger."

Microsoft has denied any plans to rewrite Windows 11 using AI and Rust after a LinkedIn post from one of its top-level engineers sparked a wave of online backlash by claiming the company's goal was to "eliminate every line of C and C++ from Microsoft by 2030."

Galen Hunt, a principal software engineer responsible for several large-scale research projects at Microsoft, made the claim in what was originally a hiring post for his team. His original wording described a "North Star" of "1 engineer, 1 month, 1 million lines of code" and outlined a strategy to "combine AI and Algorithms to rewrite Microsoft's largest codebases." The repeated use of "our" in the post led many to interpret it as an official company direction rather than a personal research ambition.

Frank X. Shaw, Microsoft's head of communications, told Windows Latest that the company has no such plans. Hunt subsequently edited his LinkedIn post to clarify that "Windows is NOT being rewritten in Rust with AI" and that his team's work is a research project focused on building technology to enable language-to-language migration. He characterized the reaction as "speculative reading between the lines."

An anonymous reader quotes a report from the Wall Street Journal: Concerned that artificial intelligence could threaten Communist Party rule, Beijing is taking extraordinary steps to keep it under control. Although China's government sees AI as crucial to the country's economic and military future, regulations and recent purges of online content show it also fears AI could destabilize society. Chatbots pose a particular problem: Their ability to think for themselves could generate responses that spur people to question party rule.

In November, Beijing formalized rules it has been working on with AI companies to ensure their chatbots are trained on data filtered for politically sensitive content, and that they can pass an ideological test before going public. All AI-generated texts, videos and images must be explicitly labeled and traceable, making it easier to track and punish anyone spreading undesirable content. Authorities recently said they removed 960,000 pieces of what they regarded as illegal or harmful AI-generated content during three months of an enforcement campaign. Authorities have officially classified AI as a major potential threat, adding it alongside earthquakes and epidemics to its National Emergency Response Plan.

Chinese authorities don't want to regulate too much, people familiar with the government's thinking said. Doing so could extinguish innovation and condemn China to second-tier status in the global AI race behind the U.S., which is taking a more hands-off approach toward policing AI. But Beijing also can't afford to let AI run amok. Chinese leader Xi Jinping said earlier this year that AI brought "unprecedented risks," according to state media. A lieutenant called AI without safety like driving on a highway without brakes. There are signs that China is, for now, finding a way to thread the needle.

Chinese models are scoring well in international rankings, both overall and in specific areas such as computer coding, even as they censor responses about the Tiananmen Square massacre, human-rights concerns and other sensitive topics. Major American AI models are for the most part unavailable in China. It could become harder for DeepSeek and other Chinese models to keep up with U.S. models as AI systems become more sophisticated. Researchers outside of China who have reviewed both Chinese and American models also say that China's regulatory approach has some benefits: Its chatbots are often safer by some metrics, with less violence and pornography, and are less likely to steer people toward self-harm. "The Communist Party's top priority has always been regulating political content, but there are people in the system who deeply care about the other social impacts of AI, especially on children," said Matt Sheehan, who studies Chinese AI at the Carnegie Endowment for International Peace, a think tank. "That may lead models to produce less dangerous content on certain dimensions."

European leaders including Emmanuel Macron have accused Washington of "coercion and intimidation," after the US imposed a visa ban on five prominent European figures who have been at heart of the campaign to introduce laws regulating American tech companies. From a report: The visa bans were imposed on Tuesday on Thierry Breton, the former EU commissioner and one of the architects of the bloc's Digital Services Act (DSA), and four anti-disinformation campaigners, including two in Germany and two in the UK.

The other individuals targeted were Imran Ahmed, the British chief executive of the US-based Center for Countering Digital Hate; Anna-Lena von Hodenberg and Josephine Ballon of the German non-profit HateAid; and Clare Melford, co-founder of the Global Disinformation Index. Justifying the visa bans, the US secretary of state, Marco Rubio, wrote on X: "For far too long, ideologues in Europe have led organised efforts to coerce American platforms to punish American viewpoints they oppose. The Trump administration will no longer tolerate these egregious acts of extraterritorial censorship."

Macron condemned the visa ban in furious terms. "These measures amount to intimidation and coercion aimed at undermining European digital sovereignty," he wrote, also on X. "The European Union's digital regulations were adopted following a democratic and sovereign process by the European Parliament and the Council. They apply within Europe to ensure fair competition among platforms, without targeting any third country, and to ensure that what is illegal offline is also illegal online. The rules governing the European Union's digital space are not meant to be determined outside Europe."

Goldman Sachs, in a note this week, via India Dispatch: There are various reasons that explains this: (i) A large part of the global education spend goes towards formal education (schools, colleges and universities), which are typically either run by governments or are not-for-profit institutions;

(ii) It is difficult to replicate education quality at scale in our view, since most teachers would have a different pedagogy, and thus standardization is harder to achieve vs that in other internet categories;

(iii) Education is fragmented - it includes various fields (schools, undergrad courses, medicine, engg, management, etc.), each with their own curriculum, and the same being vastly different across countries globally; this makes scalability difficult beyond a few certain specializations and regions.

Additionally, we believe the ability for online education to capture a sizable value share of supplemental education is limited since the perceived value of offline, including that from community, in-person engagement and doubt solving, rigour, etc., is typically higher.

However, we note that before China's double reduction policy in 2021, TAL and EDU had market caps of up to US$50 bn; these companies were mostly domestic focused and on the K-12 tutoring segment, which has large volumes. Similarly in India, Byju's reached a peak valuation of US$20 bn+ (link; again, focused on K-12), before issues around governance etc. impacted the business.

An anonymous reader quotes a report from the Associated Press: The State Department announced Tuesday it was barring five Europeans it accused of leading efforts to pressure U.S. tech firms to censor or suppress American viewpoints. The Europeans, characterized by Secretary of State Marco Rubio as "radical" activists and "weaponized" nongovernmental organizations, fell afoul of a new visa policy announced in May to restrict the entry of foreigners deemed responsible for censorship of protected speech in the United States. "For far too long, ideologues in Europe have led organized efforts to coerce American platforms to punish American viewpoints they oppose," Rubio posted on X. "The Trump Administration will no longer tolerate these egregious acts of extraterritorial censorship."

The five Europeans were identified by Sarah Rogers, the under secretary of state for public diplomacy, in a series of posts on social media. [...] The five Europeans named by Rogers are: Imran Ahmed, chief executive of the Centre for Countering Digital Hate; Josephine Ballon and Anna-Lena von Hodenberg, leaders of HateAid, a German organization; Clare Melford, who runs the Global Disinformation Index; and former EU Commissioner Thierry Breton, who was responsible for digital affairs. Rogers in her post on X called Breton, a French business executive and former finance minister, the "mastermind" behind the EU's Digital Services Act, which imposes a set of strict requirements designed to keep internet users safe online. This includes flagging harmful or illegal content like hate speech. She referred to Breton warning Musk of a possible "amplification of harmful content" by broadcasting his livestream interview with Trump in August 2024 when he was running for president.

An anonymous reader quotes a report from TechCrunch: Across Uzbekistan, a network of about a hundred banks of high-resolution roadside cameras continuously scan vehicles' license plates and their occupants, sometimes thousands a day, looking for potential traffic violations. Cars running red lights, drivers not wearing their seatbelts, and unlicensed vehicles driving at night, to name a few. The driver of one of the most surveilled vehicles in the system was tracked over six months as he traveled between the eastern city of Chirchiq, through the capital Tashkent, and in the nearby settlement of Eshonguzar, often multiple times a week. We know this because the country's sprawling license plate-tracking surveillance system has been left exposed to the internet.

Security researcher Anurag Sen, who discovered the security lapse, found the license plate surveillance system exposed online without a password, allowing anyone access to the data within. It's not clear how long the surveillance system has been public, but artifacts from the system show that its database was set up in September 2024, and traffic monitoring began in mid-2025. The exposure offers a rare glimpse into how such national license plate surveillance systems work, the data they collect, and how they can be used to track the whereabouts of any one of the millions of people across an entire country. The lapse also reveals the security and privacy risks associated with the mass monitoring of vehicles and their owners, at a time when the United States is building up its nationwide array of license plate readers, many of which are provided by surveillance giant Flock.

A federal judge blocked Texas' app store age-verification law, ruling it likely violates the First Amendment by forcing platforms to gate speech and collect data in an overly broad way. The law was set to go into effect on January 1, 2026. The Verge reports: In an order granting a preliminary injunction on the Texas App Store Accountability Act (SB 2420), Judge Robert Pitman wrote that the statute "is akin to a law that would require every bookstore to verify the age of every customer at the door and, for minors, require parental consent before the child or teen could enter and again when they try to purchase a book." Pitman has not yet ruled on the merits of the case, but his decision to grant the preliminary injunction means he believes its defenders are unlikely to prevail in court.

Pitman found that the highest level of scrutiny must be applied to evaluate the law under the First Amendment, which means the state must prove the law is "the least restrictive means of achieving a compelling state interest." The judge found this is not the case and that it wouldn't even survive intermediate scrutiny, because Texas has so far failed to prove that its goals are connected to its methods. Since Texas already has a law requiring age verification for porn sites, Pitman said that "only in the vast minority of applications would SB 2420 have a constitutional application to unprotected speech not addressed by other laws." Though Pitman acknowledged the importance of safeguarding kids online, he added, "the means to achieve that end must be consistent with the First Amendment. However compelling the policy concerns, and however widespread the agreement that the issue must be addressed, the Court remains bound by the rule of law." "The Texas App Store Accountability Act is the first among a series of similar state laws to face a legal challenge, making the ruling especially significant, as Congress considers a version of the statute," notes The Verge. "The laws, versions of which also passed in Utah and Louisiana, aim to impose age verification standards at the app store level, making companies like Apple and Google responsible for transmitting signals about users' ages to app developers to block users from age-inappropriate experiences."

"The state can still appeal the ruling with the Fifth Circuit Court of Appeals, which has a history of reversing blocks on internet regulations."

An anonymous reader quotes a report from Ars Technica: CBS cannot contain the online spread of a "60 Minutes" segment that its editor-in-chief, Bari Weiss, tried to block from airing. The episode, "Inside CECOT," featured testimonies from US deportees who were tortured or suffered physical or sexual abuse at a notorious Salvadoran prison, the Center for the Confinement of Terrorism. "Welcome to hell," one former inmate was told upon arriving, the segment reported, while also highlighting a clip of Donald Trump praising CECOT and its leadership for "great facilities, very strong facilities, and they don't play games."

Weiss controversially pulled the segment on Monday, claiming it could not air in the US because it lacked critical voices, as no Trump officials were interviewed. She claimed that the segment "did not advance the ball" and merely echoed others' reporting, NBC News reported. Her plan was to air the segment when it was "ready," insisting that holding stories "for whatever reason" happens "every day in every newsroom." But Weiss apparently did not realize that the "Inside CECOT" would still stream in Canada, giving the public a chance to view the segment as reporters had intended.

Critics accusing CBS of censoring the story quickly shared the segment online Monday after discovering that it was available on the Global TV app. Using a VPN to connect to the app with a Canadian IP address was all it took to override Weiss' block in the US, as 404 Media reported the segment was uploaded to "to a variety of file sharing sites and services, including iCloud, Mega, and as a torrent," including on the recently revived file-sharing service LimeWire. It's currently also available to stream on the Internet Archive, where one reviewer largely summed up the public's response so far, writing, "cannot believe this was pulled, not a dang thing wrong with this segment except it shows truth." "Yo what," joked Reddit user Howzitgoin, highlighting only the word "LimeWire." Another user responded, "man, who knew my nostalgia prof pic would become relevant again, WTF."

"Bringing back LimeWire to illegally rip copies of reporting suppressed by the government is definitely some cyberpunk shit," a Bluesky user wrote.

"We need a champion against the darkness," a Reddit commenter echoed. "I side with LimeWire."

Speaking of Italy's competition authority , it has fined Ryanair $301 million for abusing its dominant market position to limit sales of tickets by online travel agents. The Guardian: The authority said Europe's largest airline had "implemented an abusive strategy to hinder travel agencies" via an "elaborate strategy" of technical obstacles for agents and passengers to make it difficult for online travel agents to sell Ryanair tickets and instead force sales through its own website.

The fine related to Ryanair's conduct between April 2023 and at least until April 2025, the authority said on Tuesday. It said Ryanair had prevented online travel agents from selling tickets on its flights in combination with other airlines and services, weakening competition. Ryanair said it would immediately appeal against the "legally flawed" ruling.

China has unveiled new rules to rein in aggressive pricing tactics by online platforms, prohibiting e-commerce operators from forcing merchants to offer discounts or setting different prices based on user demographics without consent. The 29-article regulation -- jointly issued over the weekend by the National Development and Reform Commission, State Administration for Market Regulation (SAMR), and Cyberspace Administration of China -- lays out detailed compliance requirements that target several long-standing pain points as competition among internet giants has often eroded the rights of both consumers and merchants.

To restore merchant autonomy on pricing, the rules ban platform operators from leveraging their dominant scale to impose "lowest price" agreements. Platforms are prohibited from using traffic throttling, search ranking demotions, or algorithm penalties to pressure merchants into predatory price-cutting or exclusive pricing arrangements.

Alphabet is acquiring Intersect for $4.75 billion to accelerate data center and power-generation capacity as AI infrastructure demand surges. CNBC reports: Alphabet said Intersect's operations will remain independent, but that the acquisition will help bring more data center and generation capacity online faster. "Intersect will help us expand capacity, operate more nimbly in building new power generation in lockstep with new data center load, and reimagine energy solutions to drive U.S. innovation and leadership," Sundar Pichai, CEO of Google and Alphabet, said in a statement.

Google already had a minority stake in Intersect from a funding round that was announced last December. In a release at the time, Intersect said its strategic partnership with Google and TPG Rise Climate aimed to develop gigawatts of data center capacity across the U.S., including a $20 billion investment in renewable power infrastructure by the end of the decade.

Alphabet said Monday that Intersect will work closely with Google's technical infrastructure team, including on the companies' co-located power site and data center in Haskell County, Texas. Google previously announced a $40 billion investment in Texas through 2027, which includes new data center campuses in the state's Haskell and Armstrong counties.

An anonymous reader quotes a report from the Associated Press: With just three days to go before Christmas, a cyberattack knocked France's national postal service offline Monday, blocking and delaying package deliveries and online payments. The timing was miserable for millions of people at the height of the Christmas season, as frazzled postal workers fended off frustrated customers. No one immediately claimed responsibility, but suspicions abounded.

What the postal service La Poste called a ''major network incident'' remained unresolved by Monday evening, more than eight hours after it was first reported. For a company that delivered 2.6 billion packages last year and employs more than 200,000 people, that's a big hit. La Poste said in a statement that a distributed denial of service incident, or DDoS, "rendered its online services inaccessible." It said the incident had no impact on customer data, but disrupted package delivery. Letters, including holiday greeting cards, could still be mailed and delivered. But transactions requiring tracking or access to the postal service internal computer systems were impossible.

The cyberattack also hurt online banking. Customers of the company's banking arm, La Banque Postale, were blocked from using the application to approve payments or conduct other banking services. The bank redirected approvals to text messages instead. "Our teams are mobilized to resolve the situation quickly," the bank said in messages posted on social networks. The disruption came a week after France's government was targeted by a cyberattack that targeted the Interior Ministry, in charge of national security.

They call it "the business-impersonator scam". And it's fooled 396,227 Americans in just the first nine months of 2025 — 18% more than the 335,785 in the same nine months of 2024. That's according to a Bloomberg reporter (who also fell for it in late November), citing the official statistics from America's Federal Trade Commission: Some pose as airline staff on social media and respond to consumer complaints. Others use texts or e-mails claiming to be an airline reporting a delayed or cancelled flight to phish for travellers' data. But the objective is always the same: to hit a stressed out, overwhelmed traveller at their most vulnerable. In my case, the scammer exploited weaknesses in Google's automated ad-screening system, so that fraudulent sponsored results rose to the top [They'd typed "United airlines agent on demand" into Google, and the top search result on their phone said United.com, had a 1-888 number next to it and said it had had 1M+ visits in past month. "It looked legit. I tapped the number..." ]

After I reported the fake "United Airlines" ad to Google, via an online form for consumers, it was taken down. But a few days later, I entered the same search terms and the identical ad featuring the same 1-888 number was back at the top of my results. I reported it again, and it was quickly removed again... A [Google] spokesperson there said the company is constantly evolving its tactics "to stay ahead of bad actors." Of the 5.1 billion ads blocked by the company last year, she said, 415 million were taken down for "scam-related violations." Google updated its ads misrepresentation policy in 2024 to include "impersonating or falsely implying affiliation with a public figure, brand or organization to entice users to provide money or information." Still, many impostor ads slip through the cracks.
"Reported losses from business-impostor scams in the United States rose 30 per cent, to US$835 million, in the first three quarters of 2025," the article points out (citing more figures from the America's Federal Trade Commision). An updated version of the article also includes a response from United Airlines. "We encourage customers to only use customer-service contact information that is listed on our website and app."

And what happened to the scammed reporter? "I called American Express and contested the charge before cancelling my credit card. I then contacted Experian, one of the three major credit bureaus, to put a fraud alert on my file. Next, I filed a complaint with the FTC and reported the fake ad to Google.

"American Express wound up resolving the dispute in my favour, but the memories of this chaotic Thanksgiving will stay with us forever. "

An anonymous reader shared this report from the site It's FOSS: Linux gives you plenty of ways to install software: native distro packages, Flatpak, Snap, AppImage, source builds, even curl-piped installers. The catch is that each one solves a different problem, yet none of them fully eliminates the "works here, breaks there" reality across all distros. Package Forge (PkgForge) is a new project with a narrower mission: deliver truly distro-independent portable applications that run the same way across systems....

It's not a new packaging format in and of itself, nor is it trying to replace AppImages. Instead, it's an ecosystem that publishes portable packages and static binaries in curated repositories, paired with a package manager designed to install and manage them. One of the ways PkgForge stands out from some portable app efforts on Linux is its focus on accessible documentation and a security-minded distribution model. The project primarily delivers prebuilt binary packages, keeps transparent build logs, and relies on checksum verification. This helps reduce the spread of ad-hoc install scripts and the need for local compilation, which has long been a common pattern when downloading Linux software directly (and still is for many projects today).

To make life easier for the end-user, the project maintains its own frontend, called Soar... which you can use like an additional package manager, and let it handle installation, updates, and system integration. It also allows you to search for apps and utilities without having to dig through the repos online. Alternatively, you can search the PkgForge repos manually, and download and manage individual portable packages on your own. This is preferable if you're building a portable toolkit on a USB drive, testing a single app temporarily, or simply want full control over where files live...

Even if it doesn't replace Flatpak, Snap, or AppImage, it helps give definition to what a more flexible, truly distro-independent future for portable Linux apps could look like.

"In the lead up to its Switch 2 console release, Nintendo updated its user agreement," writes the Free Software Foundation, warning that Nintendo now claims "broad authority to make consoles owned by its customers permanently unusable."

"Under Nintendo's most aggressive digital restrictions management (DRM) update to date, game console owners are now required to give Nintendo the unilateral right to revoke access to games, security updates, and the Internet, at its sole discretion." The new agreement states: "You acknowledge that if you fail to comply with [Nintendo's restrictions], Nintendo may render the Nintendo Account Services and/or the applicable Nintendo device permanently unusable in whole or in part...."

There are probably other reasons that Nintendo has and will justify bricking game consoles, but here are some that we have seen reported:

— "Tampering" with hardware or software in pretty much any way;
— Attempting to play a back-up game;
— Playing a "used" game; or
— Use of a third-party game or accessory...


Nintendo's promise to block a user from using their game console isn't just an empty threat: it has already been wielded against many users. For example, within a month of the Switch 2's release, one user unknowingly purchased an open-box return that had been bricked, and despite functional hardware, it was unusable for many games. In another case, a user installing updates for game cartridges purchased via a digital marketplace had their console disabled. Though it's unclear exactly why they were banned, it's possible that the cartridge's previous owner made a copy and an online DRM check determined that the current and previous owner's use were both "fraudulent." The user only had their console released through appealing to Nintendo directly and providing evidence of their purchase, a laborious process.

Nintendo's new console banning spree is just one instance of the threat that nonfree software and DRM pose to users. DRM is but one injustice posed by nonfree software, and the target of the FSF's Defective by Design campaign. Like with all software, users ought to be able to freely copy, study, and modify the programs running on their devices. Proprietary software developers actively oppose and antagonize their users. In the case of Nintendo, this means punishing legitimate users and burdening them with proving that their use is "acceptable." Console users shouldn't have to tread so carefully with a console that they own, and should they misstep, beg Nintendo to allow them to use their consoles again.

"Yet another distro is making the move to the KDE Plasma desktop," writes Linux magazine.

"Parrot OS, a security-focused Linux distribution, is migrating from MATE to KDE Plasma, starting with version 7.0, now available in beta." Based on Debian 13, Parrot OS's goal is a shift toward "modernization, focusing on clearing technical debt and future-proofing the system." One big under-the-hood change is that the/tmpdirectory is now automatically mounted astmpfs(in RAM), as opposed to the physical drive. By making this change, Parrot OS enjoys improved performance and reduces wear on SSDs. This shift also means that all data in/tmpis lost during a reboot.
ParrotOS senior systems engineer Dario Camonita explains the change in a blog post, calling it "not only aesthetic, but also in terms of usability and greater consistency with our future goals..."

"While MATE will continue to be supported by us as long as upstream development continues, We have noticed and observed the continuous improvements made by the KDE team..."

And elsewhere Linux Magazine notes two other distros are embracing the desktop Enlightenment: For years, Bodhi Linux was one of the very few distributions that used anything based on Enlightenment. That period of loneliness is officially over, withMX Mokshaand AV Linux 25. MX Moksha doesn't replace the original MX Linux. Instead, it will serve as an "official spin" of the distribution...

The Enlightenment desktop (and subsequently Moksha) was developed with systemd in mind, so MX Moksha uses systemd. If you're not a fan of systemd, MX Moksha is not for you. MX Moksha is lighter than MX Linux, so it will perform better on older machines. It also uses the Liquorix kernel for lower latency. AV Linux has been released with the Xfce and LXDE desktops at different times and has only recently opted to make the switch to Enlightenment.

An independent review found that at least ten technical and process failures during a routine firewall upgrade at Australia's Optus prevented emergency calls from reaching Triple Zero for 14 hours, during which 455 calls failed and two callers died. The Register reports: On Thursday, Optus published an independent report (PDF) on the matter written by Dr Kerry Schott, an Australian executive who has held senior management roles at many of the country's most significant businesses. The report found that Optus planned 18 firewall upgrades and had executed 15 without incident. But on the 16th upgrade, Optus issued incorrect instructions to its outsourced provider Nokia. [...] Schott summarized the incident as follows: "Three issues are clear during this incident. The first is the very poor management and performance within [Optus] Networks and their contractor, Nokia. Process was not followed, and incorrect procedures were selected. Checks were inadequate, controls avoided and alerts given insufficient attention. There appeared to be reticence in seeking more experienced advice within Networks and a focus on speed and getting the task done, rather than an emphasis on doing things properly."

The review also found that Optus' call center didn't appreciate it could be "the first alert channel for Triple Zero difficulties." The document also notes that Australian telcos try to route 000 calls during outages, but that doing so is not easy and is made harder by the fact that different smartphones behave in different ways. Optus does warn customers if their devices have not been tested for their ability to connect to 000, and maintains a list of known bad devices. But the report notes Optus's process "does not capture so-called 'grey' devices that have been bought online or overseas and may not be compliant." "To have a standard firewall upgrade go so badly is inexcusable," the document states. "Execution was poor and seemed more focussed on getting things done than on being right. Supervision of both network staff and Nokia must be more disciplined to get things right."

An anonymous reader quotes a report from Ars Technica: At this point, most competitive online multiplayer games on the PC come with some kind of kernel-level anti-cheat software. As we've written before, this is software that runs with more elevated privileges than most other apps and games you run on your PC, allowing it to load in earlier and detect advanced methods of cheating. More recently, anti-cheat software has started to require more Windows security features like Secure Boot, a TPM 2.0 module, and virtualization-based memory integrity protection. Riot Games, best known for titles like Valorant and League of Legends and the Vanguard anti-cheat software, has often been one of the earliest to implement new anti-cheat requirements. There's already a long list of checks that systems need to clear before they'll be allowed to play Riot's games online, and now the studio is announcing a new one: a BIOS update requirement that will be imposed on "certain players" following Riot's discovery of a UEFI bug that could allow especially dedicated and motivated cheaters to circumvent certain memory protections.

In short, the bug affects the input-output memory management unit (IOMMU) "on some UEFI-based motherboards from multiple vendors." One feature of the IOMMU is to protect system memory from direct access during boot by external hardware devices, which otherwise might manipulate the contents of your PC's memory in ways that could enable cheating. The patch for these security vulnerabilities (CVE-2025-11901, CVE-202514302, CVE-2025-14303, and CVE-2025-14304) fixes a problem where this pre-boot direct memory access (DMA) protection could be disabled even if it was marked as enabled in the BIOS, creating a small window during the boot process where DMA devices could gain access to RAM.

The relative obscurity and complexity of this hardware exploit means that Vanguard isn't going to be enforcing these BIOS requirements on every single player of its games. For now, it will just apply to "restricted" players of Valorant whose systems, for one reason or another, are "too similar to cheaters who get around security features in order to become undetectable to Vanguard." But Riot says it's considering rolling the BIOS requirement out to all players in Valorant's highest competitive ranking tiers (Ascendant, Immortal, and Radiant), where there's more to be gained from working around the anti-cheat software. And Riot anti-cheat analyst Mohamed Al-Sharifi says the same restrictions could be turned on for League of Legends, though they aren't currently. If users are blocked from playing by Vanguard, they'll need to download and install the latest BIOS update for their motherboard before they'll be allowed to launch the game. Riot's new anti-cheat change could create problems for older PCs if the new anti-cheat change is expanded, notes Ars.

The update relies on a BIOS patch to fix a UEFI flaw, and many older motherboards, especially Intel 300-series and AMD AM4 boards, may never receive that update. If Riot flags a system and the manufacturer doesn't provide a patched BIOS, players could be locked out of games despite having otherwise capable hardware.

alternative_right writes: Grocery delivery service Instacart will refund $60 million to settle FTC claims that it misled customers with false advertising and unlawfully enrolled them in paid subscriptions. Instacart partners with over 1,800 retailers to provide online shopping, delivery, and pickup services from nearly 100,000 stores across North America. Its platform serves millions of customers and is also used by roughly 600,000 independent shoppers across thousands of cities in Canada and the United States.

In a complaint filed on Thursday, the FTC claimed Instacart engaged in multiple deceptive tactics that raised costs for customers, including failing to provide advertised refunds and falsely advertising "free delivery" while still charging mandatory service fees that added up to 15% to order costs. The FTC said Instacart also advertised a "100% satisfaction guarantee," but typically offered only small credits toward future orders rather than full refunds to customers experiencing problems with deliveries or service. The company allegedly hid refund options from "self-service" menus, leading customers to believe credits were their only option.